2018.01.05
Fixed potential registry name collisions on Windows for file types and protocols.
Renamed Options to Preferences (Windows) and moved Preferences to the Tools menu (Linux).
Switched off automatic form filling of login credentials and added a preference to control this.
Completely removed the "Mozilla Settings Service" and "Blocklist service" client.
Fixed a margin issue for the navigation bar.
Adjusted the performance-timing resolution to prevent timing-based hardware-specific attacks ("Meltdown"/"Spectre").
Limited the number of shared Array Buffers for normal JS code to prevent allocation issues.
Disabled shared JS memory for the time being to make doubly-sure it can't be abused while "Spectre" is investigated further.

This is the first release on the re-forked and re-based UXP. Regressions are possible as a result. Please do let us know if you find something that regressed.
New release based on UXP (take 2) which is an earlier Mozilla fork-point.
Updated Javascript to fully cover ES6 and a good portion of the later specs.
Implemented (in ongoing fashion) additional spec compliance patches for HTML, DOM and various other standards.
Includes all previous security fixes.

This is a bugfix release.
Fixed an issue with the master password that could make the password store become inaccessible.
Clarified button labels in the password manager and cookie permissions manager.

This is a development and security release.
Updated our strings for soft-blocked items so people will cry less when we do our job and warn about known-problematic add-ons.
Fixed a regression in site-specific user-agent overrides that would prevent proper application on subdomains.
Improved the reader view API.
Removed more dead code from our tree (crashreporter components, gonk).
Removed DMD code.
Removed jprof profiler code.
Removed the SPS profiler.
Slimmed down IPC (ongoing).
Removed the Social API code.
Fixed some media back-end crashes and instabilities.
Updated the fetch API to be more web-compatible.
Limited maximum accepted image sizes for PNG images to prevent abuse/browser DoS.
Blocking of top-level data: navigations is now enabled by default.
Fixed security issues: CVE-2017-0381, CVE-2018-5174, CVE-2018-5155, CVE-2018-5173, CVE-2018-5177, CVE-2018-5159, CVE-2018-5167, CVE-2018-5154 and CVE-2018-5178.
Fixed a number of stability and memory safety hazards that do not have CVE numbers.

This is a development and security release. We're only highlighting the most pertinent changes this time, since there have been over 450 of them.Fixed an issue where windows would not be restored to their proper place if using custom device pixel ratios.Removed the whole UITour system.Removed the use of Disconnect if SafeBrowsing isn't built.Updated the Readability/Reader View components.Updated Cookie gating to be more strict.Updated NSPR/NSS and enabled the use of TLS 1.3 by default.Reinstated string.prototype.contains for compatibility (alias for .includes).Updated kiss-fft to v1.4.0 (fork).Fixed a serious memory leak in the WebP image decoder.Fixed compatibility issues with Youtube Live, .Improved legibility of fonts at certain scale levels on Windows.Fixed Firefox-inherited SSL status ambiguity. SSLStatus.CipherName now actually displays the name. The full suite is still available in the (new) property CipherSuite.Fixed some incorrect CSP handling.Prohibited web access to the moz-icon:// scheme to solve privacy issues with it.Fixed crash hazards in the editor.Removed SSL error reporting telemetry.Updated libwebp image decoder library to 1.0.0 + sec fixes.Made it possible for UXP applications to run within a chrooted environment (provided it's compiled against glibc)Ported several controlling preferences from Pale Moon (prompts.tab_modal.focusSwitch, browser.cache.backend, etc.)Fixed security issues: CVE-2018-12363, CVE-2018-12366, CVE-2018-12364, CVE-2018-12359, CVE-2018-12367, and CVE-2018-12360.Fixed a number of security, stability and memory safety hazards that did not have CVE numbers at the time of implementation.

This is a development release.Added new DataTransfer constructor (spec compliance).Aligned CSS layout flex grid with latest spec.Made the MP4 reader less sensitive to corrupt data.Improved media handling (ongoing).Updated NSPR/NSS and enabled the use of latest draft TLS 1.3.Changed the way network/cert errors are handled and displayed.Fixed an ANGLE rendering issue (WebGL2 crash fix).Added support for sbgp and sgpd boxes in EME.Fixed "sticky" menus in High Contrast themes.Updated zlib to 1.2.11.Enabled Direct3D9 accelerated layers as a fallback if Direct3D11 can't be used.Tuned the network stack for efficiency.Fixed a number of performance issues with the browser.Improved Mac OS X theming (unreleased).Improved compatibility with GCC 8.Reinstated RC4 and 3DES as weak cyphers as an option to enable use in non-standard environments (not enabled for the web by default).Removed most telemetry calling code from C++ and the JS TelemetryStopwatch. This prevents most data gathering and improves performance.Added an option (browser.newtabpage.add_to_session_history) to decide whether to store "about:newtab" in the session history for workflows of people wanting to use the back button to return to the QuickDial page.Added an option (ui.menu.allow_content_scroll) to override the OS convention to prevent scrolling of content when contextual menus are open.Added a horizontal scroll action option for mouse wheel.